216.73.217.176

CVE-2024-3511

· Published 23/06/2025 09:15 · Modified 23/06/2025 20:16

Labels: CVE-2024-3511 2025-06-23CVE-2024-3511CWE-863ed10eef1-636d-4fbe-9993-6890dfa878f8

Essential information

Published
23/06/2025 09:15
Modified
23/06/2025 20:16
Author
Creator
CVSS
4.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
ed10eef1-636d-4fbe-9993-6890dfa878f8
NVD
View on NVD

Affected products (CPE)

ProductCPE
wso2 / wso2 cpe:2.3:a:wso2:wso2:*:*:*:*:*:*:*:*

References